Rockwell Automation Publication 1783-UM010C-EN-P - June 2019 29
Industrial Firewall Use Cases Chapter 2
• Redundancy and availability requirements. For example, when the
IFW is configured with trunk ports, then hardware bypass mode is
not available in this architecture.
• Hardware bypass is only supported when the IFW is placed inline
with an access link. When the IFW is placed inline with a trunk link,
hardware bypass is not supported.
Ring Cell/Area Zone
Protection
The ring cell/area zone protection use case is used to monitor and apply
security policies to a ring. As shown in Figure 10
, two Transparent Mode
firewalls are placed between the distribution switches and the ring. The IFWs
are not acting as an active/standby firewall pair in this configuration; rather,
they simply provide firewall and, possibly, DPI functionality on both ingress
points of the network ring.
Figure 10 - Industrial Firewall Placement for Ring Cell_Area Zone Protection
To Next Page
Loading...